I have a Samba share containing many folders like this:
share
- folderA
- folderB
- folderC
- folderD
There are around 20 users accessing those shares. Every user can have their individual access to some of the directories, for example Ben can access folderA and folderC, but not folderB and folderD. Jenny can access folderB and folderC, and so on.
I don't want the users to mount each folder they need. I want them to mount the folder "share" which contains all the subfolders. The access is then limited by setting the linux permissions.
I created a group for every subdirectory and added the users to those groups. The access control works perfectly for existing files. But whenever a user creates a file in a subdirectory, it is denied for every other user having the permission for read/write access in that directory. To solve this, I played around with the samba masking but can't get it to work.
My Samba conf looks like this:
guest ok = no
[global]
workgroup = WORKGROUP
security = user
encrypt passwords = yes
[Share]
path = /var/samba
valid users = @everybody
read only = no
writeable = yes
[folderA]
path = /var/samba/folderA
valid users = @users_folderA
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderA
[folderB]
path = /var/samba/folderB
valid users = @users_folderB
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderB
[folderC]
path = /var/samba/folderC
valid users = @users_folderC
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderC
[folderD]
path = /var/samba/folderD
valid users = @users_folderD
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderD
So obviously every user is in the group everybody, so they can mount the share with the subdirectories. The access for each subdirectory is working perfectly fine. But whenever Ben creates a file in folderC, the file gets the file permissions -rwxr–r– but it should be -rwxrwx—
I think the shares for the individual folders don't work at all because I tried to set writeable = no and read only = yes to test it. Restarted smbd and nmbd and remounted the network share (in Windows 10). The users were able to create files and modify their own.
This runs on a raspberry pi with raspbian. The hard drive with the files is formatted as ext4 and mounted via fstab.
Best Answer
Try this config (for share sections):
Do not forget to check the config and restart samba:
Set permissions:
This way direct access to internal folders is not allowed. Moreover, they are not visible at all and can only be accessed through the parent folder.